PT-2026-48331

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macro...

PT-2026-48330

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handle dht get network-libp2p/src/swarm.rs. Prior to version 1.4.0, when a peer returns a FoundRecord, the code verifies the reco...

Medium: device-mapper-persistent-data

Issue Overview: An unsoundness issue RUSTSEC-2026-0097 was found in the bundled Rust rand crate used by device-mapper-persistent-data. ThreadRng methods use unsafe code that can create aliased mutable references when a custom logger accesses rand::rng or rand::threadrng during reseeding, resultin...

Amazon Linux 2023 : papers, papers-devel, papers-libs (ALAS2023-2026-1782)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1782 advisory. CVE-2026-46529 is a command injection vulnerability in Evince, Atril, and Xreader caused by missing quoting of shell-like input in evspawn in ev-application.c. CVE-2026-46529 An unsoundness issue...

Important: papers

Issue Overview: CVE-2026-46529 is a command injection vulnerability in Evince, Atril, and Xreader caused by missing quoting of shell-like input in evspawn in ev-application.c. CVE-2026-46529 An unsoundness issue RUSTSEC-2026-0097 was also found in the bundled Rust rand crate. ThreadRng methods us...

Amazon Linux 2023 : device-mapper-persistent-data (ALAS2023-2026-1791)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1791 advisory. An unsoundness issue RUSTSEC-2026-0097 was found in the bundled Rust rand crate used by device-mapper- persistent-data. ThreadRng methods use unsafe code that can create aliased mutable references when...

[SECURITY] Fedora 44 Update: rust-1.96.0-1.fc44

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

Fedora 44 : rust (2026-e251935c8f)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e251935c8f advisory. Update to Rust 1.96.0: New Range types Assert matching patterns Changes to WebAssembly targets Stabilized APIs Cargo CVE-2026-5222 and CVE-2026-5223...

CVE-2026-35457

libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated peer can repeatedly issue DISCOVER requests and force unbounded memory growth. This vulnerability is fixed i...

IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust-based information stealer and a self-spreading worm, respectively. According to JFrog, the information stealer...

CVE-2026-25541 affecting package rust-afterburn for versions less than 5.8.2-2

CVE-2026-25541 affecting package rust-afterburn for versions less than 5.8.2-2. A patched version of the package is available...

IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +369 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.2.12)

diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0172...

[SECURITY] Fedora 44 Update: rust-sequoia-wot-0.15.2-1.fc44

An implementation of OpenPGP's web of trust...

[SECURITY] Fedora 44 Update: rust-sequoia-sq-1.3.1-12.fc44

Command-line frontends for Sequoia...

[SECURITY] Fedora 44 Update: rust-sequoia-sop-0.37.3-4.fc44

An implementation of the Stateless OpenPGP Interface using Sequoia...

[SECURITY] Fedora 44 Update: rust-sequoia-chameleon-gnupg-0.13.1-13.fc44

Sequoia's reimplementation of the GnuPG interface...

[SECURITY] Fedora 44 Update: rust-sequoia-cert-store-0.7.3-1.fc44

A certificate database interface...

[SECURITY] Fedora 43 Update: rust-sequoia-wot-0.15.2-1.fc43

An implementation of OpenPGP's web of trust...

[SECURITY] Fedora 43 Update: rust-sequoia-sq-1.3.1-12.fc43

Command-line frontends for Sequoia...

[SECURITY] Fedora 43 Update: rust-sequoia-octopus-librnp-1.11.1-7.fc43

Reimplementation of RNP's interface using Sequoia for use with Thunderbird...